CVE-2010-2572 | Microsoft Office - PowerPoint Operational Intel

Executive Risk Summary

"A buffer overflow vulnerability in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document. This vulnerability can be exploited by an attacker to gain control of the affected system."

Anticipated Attack Path

1. Phishing or social engineering to deliver the malicious PowerPoint document
2. Exploitation of the buffer overflow vulnerability
3. Execution of arbitrary code on the system

Am I Vulnerable?

Verify that Microsoft Office - PowerPoint is up-to-date with the latest security patches
Use alternative presentation software that is not vulnerable to this exploit
Implement email and file filtering to block malicious PowerPoint documents

Operational Audit Arsenal

Target Type Process

Target Asset powerpnt.exe

Standard Path C:\Program Files\Microsoft Office\Office\powerpnt.exe

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: powerpnt.exe (Process)
$Targets = 'powerpnt.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}